Upgrading to an APT-Capable Defense; Where to Start, How to Get Funding and See an Immediate Reduction in Risk

As we've seen, we can't just keep doing what we've been doing. The cost of not ensuring the confidentiality, integrity and availability of information is on an upward ramp and at some stage, if not already, we will reach the tipping point where the cost of not having an effective security program will overtake the cost of having one. Throughout the day we have seen the scope of the attack and we've built a picture of what defenses are required. With limited resources, the appropriate defenses cannot be put in place overnight. We need to decide where to start and how to internally "sell" the adaptation of existing programs to meet this growing threat.
In this session we'll discuss this and answer such questions as:

How to change the current mindset to get executive sponsorship for upgrading a security program for this threat?

Where should limited resources be focused first: on which technologies and processes, and where?

Which specific mandates, like the inspection of all encrypted traffic and data classification, should be implemented?

How do we make compliance with a chosen set of security policies a minimum "floor", as opposed to a "ceiling", achieved only for a brief period of time?

Is it negligent to create a product or service that has not had any security built into its development lifecycle? Is it negligent to put a product into service without demanding assurance that it was created securely?


Peter Chronis

Chief Security Officer, EarthLink

Peter Chronis is the global Chief Security Officer for EarthLink, Inc. (NASDAQ: ELNK), a $1.2B consumer ISP and managed IT services company, where he is responsible for security product management, information security operations, architecture, governance, compliance and business continuity teams focused on protecting the company, its 1M customers and more than 500,000 IT assets.
Chronis has over 15 years of experience using technology to manage risk for telecommunications, retail, financial and IT services companies. He is the inventor of several innovative proprietary IT security technologies that together have blocked more than 750 billion threats and prevented $100M in fraud.
Prior to EarthLink, Chronis developed sophisticated proprietary fraud detection systems for Lynk Systems, an Atlanta-based financial services company that was acquired by the Royal Bank of Scotland and is now called WorldPay.

Joe Doetzl

Doetzl has more than 20 years of IT and Cyber Security experience. Currently, he has global responsibility for the Cyber Security of ABB products and internal systems. Joe has created and led cyber security and compliance programs for multiple electric utilities including auditing multiple utilities for compliance to the NERC CIP standards. Throughout his career, he has been active in multiple regional and national forums dedicated to critical infrastructure protection. Doetzl specializes in the design and implementation of enterprise-wide Information Security and Compliance programs. Further, he has extensive knowledge and experience in network security architecture, firewall management systems, intrusion detection, securing industrial control systems, disaster recovery procedures, security event monitoring, incident response, vulnerability assessment, patch management and security awareness training. Doetzl is a Certified Information Systems Security Professional and has an MS, Computer Science from the University of Colorado and a BS, Mathematics and Computer Science from Marquette University.

Kevin Morrison

Director of Global Security and Compliance (CISO), The Results Companies

Kevin Morrison's background spans more than sixteen years in IT with eleven of those in Information and Cyber Security. Kevin's passion for people and security has included building and leading teams focused on incident management, operations, DLP, mobility, forensics, policy, privacy, and business continuity in highly regulated environments with PCI, HIPAA, GLBA, Safe Harbor, SSAE16, and FISMA compliance requirements across many industries.

Kevin has developed strategic roadmaps focused on holistic risk management controls and investments that align security to business objectives. He has presented extensively within the IT and Security community and has served on a county-wide leadership board. Kevin has served on various customer advisory boards, and in March 2015, he was selected as the ISE® Southeast People's Choice Award Winner. He holds a B.S. in IT from UMass Lowell, and an MBA from Pacific Lutheran University in the Seattle area, while maintaining active CISSP, CISM and CISA certifications.
